openshift · stevsmit · Nov 1, 2023 · Oct 30, 2023
diff --git a/logging/cluster-logging-loki.adoc b/logging/cluster-logging-loki.adoc
@@ -14,6 +14,8 @@ include::modules/loki-deployment-sizing.adoc[leveloffset=+1]
 
 include::modules/cluster-logging-loki-deploy.adoc[leveloffset=+1]
 
+include::modules/logging-creating-new-group-cluster-admin-user-role.adoc[leveloffset=+1]
+
 include::modules/logging-loki-gui-install.adoc[leveloffset=+1]
 ////
 include::modules/logging-loki-restart-hardening.adoc[leveloffset=+1]

diff --git a/modules/cluster-logging-loki-deploy.adoc b/modules/cluster-logging-loki-deploy.adoc
@@ -142,4 +142,4 @@ endif::[]
 .. Under Console plugin, click *Disabled*.
 .. Select *Enable* and then *Save*. This change restarts the `openshift-console` pods.
 .. After the pods restart, you will receive a notification that a web console update is available, prompting you to refresh.
-.. After refreshing the web console, click *Observe* from the left main menu. A new option for *Logs* is available.
+.. After refreshing the web console, click *Observe* from the left main menu. A new option for *Logs* is available.
diff --git a/modules/logging-creating-new-group-cluster-admin-user-role.adoc b/modules/logging-creating-new-group-cluster-admin-user-role.adoc
@@ -0,0 +1,32 @@
+// Module included in the following assemblies:
+
+//  cluster-logging-loki.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="logging-creating-new-group-cluster-admin-user-role_{context}"]
+= Creating a new group for the cluster-admin user role
+
+include::snippets/logging-clusteradmin-access-logs-snip.adoc[]
+
+Use the following procedure to create a new group for users with `cluster-admin` permissions.
+
+.Procedure
+
+. Enter the following command to create a new group:
++
+[source,terminal]
+----
+$ oc adm groups new cluster-admin
+----
+. Enter the following command to add the desired user to the `cluster-admin` group:
++
+[source,terminal]
+----
+$ oc adm groups add-users cluster-admin <username>
+----
+. Enter the following command to add `cluster-admin` user role to the group:
++
+[source,terminal]
+----
+$ oc adm policy add-cluster-role-to-group cluster-admin cluster-admin
+----
diff --git a/snippets/logging-clusteradmin-access-logs-snip.adoc b/snippets/logging-clusteradmin-access-logs-snip.adoc
@@ -0,0 +1,13 @@
+// Text snippet included in the following assemblies:
+//
+//
+// Text snippet included in the following modules:
+//
+// * modules/logging-creating-new-group-cluster-admin-user-role.adoc
+//
+:_mod-docs-content-type: SNIPPET
+
+[IMPORTANT]
+====
+Querying application logs for multiple namespaces as a `cluster-admin` user, where the sum total of characters of all of the namespaces in the cluster is greater than 5120, results in the error `Parse error: input size too long (XXXX > 5120)`. For better control over access to logs in LokiStack, make the `cluster-admin` user a member of the `cluster-admin` group. If the `cluster-admin` group does not exist, create it and add the desired users to it.
+====